b3e949f8f2137efed9fcbf6851a4b173_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b3e949f8f2137efed9fcbf6851a4b173_JaffaCakes118
Size

292KB
MD5

b3e949f8f2137efed9fcbf6851a4b173
SHA1

3bd659bee6d937dafc69fbe152887b08b5950de7
SHA256

f512afac4542f77bea0647c3d99d2c38364f4c6bbfed03c59d7158aeea4be3fa
SHA512

546f22abd6e896dc456fd341c70e66363d48842b4b67a0b4f658b50690f6baf7ca62d0140fcf9321a328521ccc97c9335224d2460a4ad96dd27b33828a082406
SSDEEP

6144:CxLZvX4y9f7wTuyU53txueq6bfkUL0MIe4CB:qeyGTuQ6zjLh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b3e949f8f2137efed9fcbf6851a4b173_JaffaCakes118

Files

b3e949f8f2137efed9fcbf6851a4b173_JaffaCakes118
.dll regsvr32 windows:6 windows x86 arch:x86

cbc92ba58c4c02cf7fa5db5e3bf6dd83

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

PortableDeviceWMDRM.pdb

Imports

msvcrt

_initterm
_XcptFilter
_amsg_exit
_adjust_fdiv
??1type_info@@UAE@XZ
realloc
_unlock
__dllonexit
_lock
_onexit
memmove
??_V@YAXPAX@Z
malloc
free
_CxxThrowException
??2@YAPAXI@Z
??_U@YAPAXI@Z
memset
memcpy
_errno
__CxxFrameHandler
??3@YAXPAX@Z

advapi32

RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableLevel
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
GetTraceEnableFlags
TraceMessage
RegEnumKeyExW

kernel32

GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
RtlUnwind
OutputDebugStringA
InterlockedCompareExchange
Sleep
lstrlenA
UnhandledExceptionFilter
InterlockedExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA
GetModuleHandleW
LoadLibraryExW
LoadLibraryA
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
DisableThreadLibraryCalls
GetModuleFileNameW
lstrcmpiW
InterlockedDecrement
InterlockedIncrement
GetLastError
DeleteCriticalSection
SetUnhandledExceptionFilter
CloseHandle
GetProcAddress
DeviceIoControl
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetDiskFreeSpaceA
GlobalMemoryStatus
GetLocalTime
FindResourceW
lstrlenW
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection

user32

UnregisterClassA
CharNextW

oleaut32

SysFreeString
SysAllocString
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
SysStringLen

ole32

CLSIDFromString
StringFromGUID2
CoCreateInstance
CoCreateFreeThreadedMarshaler
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc

rpcrt4

IUnknown_QueryInterface_Proxy
IUnknown_AddRef_Proxy
IUnknown_Release_Proxy
CStdStubBuffer_QueryInterface
CStdStubBuffer_AddRef
NdrOleFree
CStdStubBuffer_Disconnect
CStdStubBuffer_Invoke
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_CountRefs
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_DebugServerRelease
NdrOleAllocate
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
NdrDllRegisterProxy
NdrDllUnregisterProxy
CStdStubBuffer_Connect

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 124KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.orpc
Size: 512B - Virtual size: 51B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 151KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cbc92ba58c4c02cf7fa5db5e3bf6dd83

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

advapi32

kernel32

user32

oleaut32

ole32

rpcrt4

Exports

Exports

Sections

.text Size: 124KB - Virtual size: 124KB

.orpc Size: 512B - Virtual size: 51B

.data Size: 8KB - Virtual size: 10KB

.rsrc Size: 151KB - Virtual size: 151KB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 124KB - Virtual size: 124KB

.orpc
Size: 512B - Virtual size: 51B

.data
Size: 8KB - Virtual size: 10KB

.rsrc
Size: 151KB - Virtual size: 151KB

.reloc
Size: 6KB - Virtual size: 6KB